MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains numerous external links, with a significant number pointing to potentially malicious domains, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier and ClamAV detection strongly suggest malicious content. The embedded URLs and the heuristic firings point towards a phishing or scam campaign designed to redirect users to harmful websites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9995
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://dugedepap.ru/123?utm_term=yowhatsapp+free++old+version (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000eaef.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEAEF | 5032 bytes | daecc8aca84d1831d6a1fc7461593cdf5cf68ddf3117e28cf19733018be5914f |
| font_01_sfnt_off0000fc19.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC19 | 11164 bytes | 174597fb93d6ce3c19f2064ea120d12ee1c982221fb696d216db036518b82c10 |
| font_02_sfnt_off000121b1.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x121B1 | 4324 bytes | 05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 |